From 08e637e049456a6bb0e1fa5389473f4fb7a4433c Mon Sep 17 00:00:00 2001 From: pashakostohrys Date: Fri, 20 Sep 2024 15:12:40 +0300 Subject: [PATCH] acr manifests --- Dockerfile | 1 + acr_controller/application/client.go | 5 ++ changelog/CHANGELOG.md | 2 - .../acr-controller-deployment.yaml | 82 +++++++++++++++++++ .../acr-controller/acr-controller-role.yaml | 43 ++++++++++ .../acr-controller-rolebinding.yaml | 15 ++++ .../acr-controller/acr-controller-sa.yaml | 8 ++ .../base/acr-controller/kustomization.yaml | 8 ++ 8 files changed, 162 insertions(+), 2 deletions(-) delete mode 100644 changelog/CHANGELOG.md create mode 100644 manifests/base/acr-controller/acr-controller-deployment.yaml create mode 100644 manifests/base/acr-controller/acr-controller-role.yaml create mode 100644 manifests/base/acr-controller/acr-controller-rolebinding.yaml create mode 100644 manifests/base/acr-controller/acr-controller-sa.yaml create mode 100644 manifests/base/acr-controller/kustomization.yaml diff --git a/Dockerfile b/Dockerfile index 25f8dce749765..d2e156c760262 100644 --- a/Dockerfile +++ b/Dockerfile @@ -136,6 +136,7 @@ USER root RUN ln -s /usr/local/bin/argocd /usr/local/bin/argocd-server && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-repo-server && \ ln -s /usr/local/bin/argocd /usr/local/bin/event-reporter-server && \ + ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-change-revision-controller && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-cmp-server && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-application-controller && \ ln -s /usr/local/bin/argocd /usr/local/bin/argocd-dex && \ diff --git a/acr_controller/application/client.go b/acr_controller/application/client.go index fe276fcff4399..e9c9e51441ffa 100644 --- a/acr_controller/application/client.go +++ b/acr_controller/application/client.go @@ -2,6 +2,7 @@ package application_change_revision_controller import ( "context" + "crypto/tls" "encoding/json" "fmt" appclient "github.com/argoproj/argo-cd/v2/pkg/apiclient/application" @@ -41,6 +42,10 @@ func NewHttpApplicationClient(token string, address string, rootpath string) App return &httpApplicationClient{ httpClient: &http.Client{ Timeout: 30 * time.Second, + Transport: &http.Transport{ + // Support for insecure connections + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, + }, }, baseUrl: address, token: token, diff --git a/changelog/CHANGELOG.md b/changelog/CHANGELOG.md deleted file mode 100644 index 47cb3a8281c7d..0000000000000 --- a/changelog/CHANGELOG.md +++ /dev/null @@ -1,2 +0,0 @@ -### Chore -- chore: selfheal additional logs in CompareAppState \ No newline at end of file diff --git a/manifests/base/acr-controller/acr-controller-deployment.yaml b/manifests/base/acr-controller/acr-controller-deployment.yaml new file mode 100644 index 0000000000000..baf85faaf85df --- /dev/null +++ b/manifests/base/acr-controller/acr-controller-deployment.yaml @@ -0,0 +1,82 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app.kubernetes.io/name: acr-controller + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: acr-controller + name: acr-controller +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: acr-controller + template: + metadata: + labels: + app.kubernetes.io/name: acr-controller + spec: + serviceAccountName: acr-controller + containers: + - name: acr-controller + image: quay.io/argoproj/argocd:latest + imagePullPolicy: Always + args: + - /usr/local/bin/argocd-application-change-revision-controller + env: + - name: ARGOCD_SERVER + value: "http://argocd-server:80" + - name: ARGOCD_TOKEN + valueFrom: + secretKeyRef: + key: token + name: argocd-token + - name: ARGOCD_APPLICATION_NAMESPACES + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: application.namespaces + optional: true + - name: ACR_CONTROLLER_LOGFORMAT + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: acr.log.format + optional: true + - name: ACR_CONTROLLER_LOG_LEVEL + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: acr.log.level + optional: true + - name: ACR_CONTROLLER_LISTEN_ADDRESS + valueFrom: + configMapKeyRef: + name: argocd-cmd-params-cm + key: acr.listen.address + optional: true + ports: + - containerPort: 8090 + name: health + livenessProbe: + httpGet: + path: /healthz?full=true + port: health + initialDelaySeconds: 3 + periodSeconds: 30 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /healthz + port: health + initialDelaySeconds: 3 + periodSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - ALL + seccompProfile: + type: RuntimeDefault diff --git a/manifests/base/acr-controller/acr-controller-role.yaml b/manifests/base/acr-controller/acr-controller-role.yaml new file mode 100644 index 0000000000000..3a1e1991680e7 --- /dev/null +++ b/manifests/base/acr-controller/acr-controller-role.yaml @@ -0,0 +1,43 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app.kubernetes.io/name: acr-controller + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: acr-controller + name: acr-controller +rules: +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +- apiGroups: + - argoproj.io + resources: + - applications + - appprojects + - applicationsets + verbs: + - create + - get + - list + - watch + - update + - delete + - patch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - list diff --git a/manifests/base/acr-controller/acr-controller-rolebinding.yaml b/manifests/base/acr-controller/acr-controller-rolebinding.yaml new file mode 100644 index 0000000000000..e70280a6bc3f9 --- /dev/null +++ b/manifests/base/acr-controller/acr-controller-rolebinding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app.kubernetes.io/name: acr-controller + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: acr-controller + name: acr-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: acr-controller +subjects: +- kind: ServiceAccount + name: acr-controller diff --git a/manifests/base/acr-controller/acr-controller-sa.yaml b/manifests/base/acr-controller/acr-controller-sa.yaml new file mode 100644 index 0000000000000..0042922267f34 --- /dev/null +++ b/manifests/base/acr-controller/acr-controller-sa.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/name: acr-controller + app.kubernetes.io/part-of: argocd + app.kubernetes.io/component: acr-controller + name: acr-controller diff --git a/manifests/base/acr-controller/kustomization.yaml b/manifests/base/acr-controller/kustomization.yaml new file mode 100644 index 0000000000000..93d7ff439875f --- /dev/null +++ b/manifests/base/acr-controller/kustomization.yaml @@ -0,0 +1,8 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- acr-controller-deployment.yaml +- acr-controller-role.yaml +- acr-controller-rolebinding.yaml +- acr-controller-sa.yaml